I am about to do a clean install of Arch Linux and I am trying to learn a bit more about Linux security. One of my questions has to do with encryption on Linux.
I often use the log-out feature on my laptop instead of the shutdown and will sometimes step away from my computer for a few minutes. In light of this, I was wondering whether the following setup would have merit:
LUKS for full-disk encryption
AND
fscrypt to encrypt home directory when logged out, set up according to this wiki article.
I am very new to the concepts surrounding Linux security, so I appreciate all feedback!
To be a bit more specific, I am asking whether simply using fscrypt on home directory could cause my non home directories to be exposed to potential security issues even when the computer is shut down, thus meaning that Luks would be beneficial as well.
I don’t know what benefit you would get with home encryption if you already do full disk encryption. Is the lock screen bypassable?
Moreover, filesystem support with fscrypt seems to be limited to ext4, F2FS, and UBIFS. But F2FS is a very fast filesystem, the fastest filesystem I in my experience, and also supports transparent data compression recently. So, it would be good to go for your home directory.
It shouldnt be according to the arch wiki if i set up the PAM module.
Moreover, filesystem support with fscrypt seems to be limited to ext4, F2FS, and UBIFS. But F2FS is a very fast filesystem, the fastest filesystem I in my experience, and also supports transparent data compression recently. So, it would be good to go for your home directory.
Personally, i use ext4 for my filesystem so that isn’t an issue for me.